Most audio and video communications traditionally rely on the physical protection of the transmission medium to prevent eavesdropping, theft of services, and other types of malicious activities. With the advent of the Internet, such communications are now being routinely routed over Internet Protocol (IP) routing networks that cannot guarantee the physical protection of the packetized data of a multimedia communication. Cryptography can be employed to provide an equivalent set of protections for the communication transmissions.
In a general form, a networked security system is integrated with an insecure networked system, such as a VoIP system. The networked security system consists of physically secured reference monitors, with key management and policy adjudication components, and client computing devices running software applications that require security services, such as policy enforcement and encrypted data transmissions. The VoIP system consists of a networked autonomous system of computers and software applications (agents, servers, gateways) using Internet application layer protocols such as SIP, SDP, RTP and RTCP, running over UDP or TCP transport layer protocols that in turn use the IP routing layer protocol (either IP version 4 or IP version 6).
Additionally, VoIP imposes unique constraints on a security system, making it difficult to use standard Internet security technologies as-is. VPN technology, such as IPSec, prevents intermediate VoIP servers from inspecting in-transit VoIP messages, cannot support multicast VoIP transmissions, and cannot meet FCC-mandated wiretap regulations. PKI technology, such as X.509, cannot securely identify VoIP entities, nor can it support their real-time revocation. Standard public key exchange protocols, such as Diffie-Hellman-based ones, cannot support wiretap requirements. And standard symmetric key authentication protocols, such as Kerberos, do not properly support mandatory access policy controls among all VoIP entities in the system.
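As an added illustrative model, not the described system's own protocol or code, the following Python sketch shows the architectural pattern the two preceding paragraphs contrast with VPN, PKI and Diffie-Hellman approaches: a physically secured reference monitor adjudicates a mandatory access policy between VoIP entities, applies revocation immediately at the next adjudication, and issues the symmetric session key centrally so that an authorized intercept can be served from its records. Entity names, the label scheme and the `warrant_ok` flag are constructed assumptions.

```python
import os
from dataclasses import dataclass, field

# Constructed model of a reference monitor (assumption: mandatory policy is
# "both parties carry the same label"; real systems use richer lattices).
@dataclass
class ReferenceMonitor:
    labels: dict                                      # entity -> mandatory label
    revoked: set = field(default_factory=set)         # entities revoked in real time
    key_records: dict = field(default_factory=dict)   # call_id -> session key

    def revoke(self, entity: str) -> None:
        # Effective on the next adjudication: no CRL distribution delay as with X.509.
        self.revoked.add(entity)

    def adjudicate(self, caller: str, callee: str) -> bool:
        # Mandatory access policy: both parties known, unrevoked, and same label.
        if caller in self.revoked or callee in self.revoked:
            return False
        if caller not in self.labels or callee not in self.labels:
            return False
        return self.labels[caller] == self.labels[callee]

    def request_session_key(self, call_id: str, caller: str, callee: str):
        # The media key is generated by the monitor, not negotiated end-to-end,
        # so a copy exists for lawful intercept (a Diffie-Hellman exchange
        # between the endpoints would leave the monitor with no such copy).
        if not self.adjudicate(caller, callee):
            return None
        key = os.urandom(32)
        self.key_records[call_id] = key
        return key

    def intercept_key(self, call_id: str, warrant_ok: bool):
        # Assumption: warrant_ok is the result of an out-of-band legal check.
        if not warrant_ok:
            return None
        return self.key_records.get(call_id)


def demo():
    """Walk through adjudication, denial on label mismatch, and revocation."""
    rm = ReferenceMonitor(labels={"alice": "secret", "bob": "secret", "carol": "unclassified"})
    k1 = rm.request_session_key("call-1", "alice", "bob")      # allowed
    k2 = rm.request_session_key("call-2", "alice", "carol")    # denied: label mismatch
    rm.revoke("bob")
    k3 = rm.request_session_key("call-3", "alice", "bob")      # denied: bob revoked
    return rm, k1, k2, k3
```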